The continuous expansion of information and communications technologies has allowed the development of remote transactions in recent years. Such development involves new technological challenges such as that of offering security and therefore confidence to the parties involved. One of the main problems is assuring the integrity and authorship of the information provided by the users, both during the transmission of this information and in its long-term storage. The present invention describes a method for the protection of the integrity and authorship of a user information registration, applicable in remote and/or in-person voter registration environments. This invention describes how the items of integrity and authorship proof of the registration information are generated using biometric techniques and how a verification of said items of proof can be carried out.
Carrying out a remote registration provides greater convenience to the users since they do not have to travel to a registration office. However, such registration has several security risks such as the possibility of altering the registration information of the user, either while it is sent or even once the registration information has reached its destination. This alteration could affect both the integrity of the contents of the information and the authorship of said information, i.e., the modification or supplantation of the identity of the author who has provided the information. It is therefore important to preserve the integrity and authorship of this information at all times.
There are currently proposals which protect the integrity and authorship of the information by means of digital signatures. By definition, a digital signature protects the integrity of information represented in electronic format and links it to the person who generates it. The digital signature thus serves to identify the party emitting the data and also to verify that the contents have not been manipulated once signed. However, the use of digital signatures has two limitations: the need to provide the users with a digital certificate and the need to require the users to have cryptographic means for generating a digital signature from their user certificate. This limits the use of these proposals to those environments in which the users have digital certificates and devices with cryptographic capabilities for generating a digital signature, such as a personal computer for example. These proposals include inventions WO0120431A2, US20020138341A1 and WO2004070665, which attempt to solve the problem of protecting the integrity and authorship of a remote electronic voter registration only by means of digital signatures.
As an alternative to the problems that digital signatures entail, there are solutions which propose using biometric measurements (for example fingerprints, iris recognition, voice recognition, etc.) to carry out the authentication and generation of electronic data in in-person as well as in remote environments. An example is invention US20040143556A1, which describes the use of biometry to protect the authorship of an electronic document. This method only uses voice as a biometric technique. In said method, the user must say a personal identification number (i.e., a key word) which is randomly generated during the process for protecting the information (in addition to other data such as the user name, date, etc.). The voice is recorded and this recording is attached to the information to be protected. The main problem of this invention is that it does not actually protect the integrity of the electronic document, since the biometric parameter is independent of the content of the document. The information of the document could thus be subsequently modified and attached to the voice recording, and the information would continue to be considered valid. Another method using biometric means for voter registration is the one contained in invention US20060289638. In this invention the registration information is based only on a biometric sample of the voter, which can be a fingerprint or any other biometric measurement. The voter performs the registration by appearing physically before a registration authority, which identifies the voter in person before capturing a biometric registration of said voter. Said biometric registration will subsequently be used during a voting phase to identify the voter. The main problem of this invention is that it requires the voter to appear physically at a registration center; therefore it is not aimed at facilitating remote registration.
In addition, it does not mention how the integrity of the registration information of the voter associated with the biometric registration can be protected. Thus, the stored voter registration could be manipulated to assign a different identity to the biometric registration captured from the voter, and thus impersonate a person.
In the field of remote voter registration in which biometric measurements are used, invention US20050092835A1 also stands out. In this invention the voter downloads to his personal device, through a communication network, an application which allows him to enter the registration information as well as capture his handwritten signature by means of a capturing device (digitizing tablet). The digitized handwritten signature is attached to the registration information, encrypted and transmitted through a communication network to be stored by a registration authority. Although the proposed method facilitates remote registration, it requires the voters to have a digitizing tablet for performing said registration. It therefore restricts the range of devices supported for performing the registration. It does not protect the integrity of the registration information either, since the digitized signature could subsequently be attached to other registration information without this being detected.
To solve the integrity problem of the registration in the previous patents, other proposals combine the use of biometric measurements with the digital signature. The objective of these methods is to associate the registration information with a piece of biometric information by means of this digital signature, preventing them from being disassociated without this being detected. Examples of the combination of biometric measurements and digital signature are present in inventions WO0108352A1 and WO2007034255A1. Invention WO0108352A1 describes a method in which a user digitally signs electronic documents together with a biometric parameter of the user obtained at the time of the signature. The objective is to have an item of proof of presence of the owner of the signature at the time it was performed. An illegitimate person who has obtained the digital certificate of the user in a fraudulent manner is thus prevented from performing the digital signature. The problem of this invention is the same as that of the methods which only use the digital signature described above: its use is limited to those users having a digital certificate and the means for using it.
Invention WO2007034255A1 describes another method for the protection of information by means of biometric techniques and a digital signature, which does not require digital certificates for users. This invention generates an item of biometric proof of the document by concatenating a biometric registration of the user, preferably an image of the handwritten signature, with a digest or hash of the document (obtained by means of a one-way function). The item of biometric proof is encrypted, attached to the document, and a representative or intermediary uses a private key to digitally sign this set of information. Once digitally signed, the set of data is sent to the destination through a communications network. The limitation of this method is that the integrity of the information depends entirely on cryptographic techniques: the encryption and the digital signature. The biometric registration and the hash of the document contained in the item of biometric proof are linked only by the digital signature of a third party. Therefore, there is the risk that the person who generates the digital signature manipulates the data (modifies the document, generates a new hash, concatenates it with the biometric registration of the user and encrypts it, and signs it again). Although in this case it is not necessary for the voter to have a digital certificate for signing, the need to encrypt the information also restricts use to platforms that support document encryption.
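The following is an added model of the WO2007034255A1 scheme as described above (not code from the patent or from any of the cited inventions), showing which modifications an honest verifier detects and which it cannot. The intermediary's signature is stood in for by an HMAC, encryption is omitted, and all document, biometric and key bytes are constructed placeholders; these are assumptions made for the illustration.

```python
import hashlib
import hmac

# Constructed sample values (placeholders, not values from the patent text).
DOCUMENT = b"name=Alice Example;address=1 Sample St;precinct=12"
BIOMETRIC = b"<constructed handwritten-signature image bytes>"
INTERMEDIARY_KEY = b"constructed-intermediary-signing-key"
DIGEST_LEN = 32  # SHA-256 output length


def digest(data: bytes) -> bytes:
    """One-way function over the registration document."""
    return hashlib.sha256(data).digest()


def sign(key: bytes, data: bytes) -> bytes:
    """Stand-in for the intermediary's digital signature (HMAC; an assumption)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def make_proof(document: bytes, biometric: bytes, key: bytes) -> dict:
    """Item of biometric proof = biometric || hash(document), signed by a third party."""
    item = biometric + digest(document)
    return {"document": document, "item": item, "signature": sign(key, item)}


def verify(proof: dict, key: bytes) -> bool:
    """Honest verifier: signature must be valid and the hash inside the item
    must match the document that accompanies it."""
    if not hmac.compare_digest(sign(key, proof["item"]), proof["signature"]):
        return False
    return proof["item"][-DIGEST_LEN:] == digest(proof["document"])


def outsider_substitutes(proof: dict, new_document: bytes) -> dict:
    """Someone without the signing key swaps the document: the signed hash no
    longer matches, so the verifier rejects it."""
    return {**proof, "document": new_document}


def intermediary_substitutes(proof: dict, new_document: bytes, key: bytes) -> dict:
    """The key holder swaps the document, recomputes the hash, reuses the user's
    biometric registration and re-signs: the verifier cannot tell the difference."""
    biometric = proof["item"][:-DIGEST_LEN]
    return make_proof(new_document, biometric, key)
```

The point the model makes is that nothing in the biometric sample itself depends on the document, so integrity reduces entirely to trust in whoever holds the signing key.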
In summary, inventions WO0108352A1 and WO2007034255A1 do not implement a method in which the biometric parameter itself contains information protecting the integrity of the document. The described methods therefore require the use of cryptographic techniques to associate a piece of information with the item of biometric proof and to protect the integrity of this association. The user can therefore repudiate “his signature”, i.e., the user can claim that the registered document is not the same as the one which was associated with his biometric parameter.
Finally, in addition to the inventions described, there are mechanisms which use biometric techniques to generate cryptographic keys which allow signing documents or remote electronic transactions. The main purpose of these mechanisms is to offer integrity of the data through the digital signature and at the same time prevent impersonation. For example, the proposal of Hao Feng and Chan Choong Wah (Hao Feng, Chan Choong Wah, 2002, “Private key generation from on-line handwritten signatures”, Information Management & Computer Security, ISSN 0968-5227, Volume 10, Issue 4, pp. 159-164) describes a digital signature based on biometry, in which a pattern obtained from a biometric characteristic is used as the basis for generating the key pair (public and private). The user can sign digitally once his biometric identifier is captured and his private key is regenerated; the key thus does not need to be stored in a device, where it would be exposed to use by an impersonator. These biometry-based digital signature mechanisms still have matching problems, since the biometric parameter is captured with small differences each time. Therefore, when the private key is regenerated during the signing session, said key might not match the key pair generated originally, and in this case the user could not carry out the signature.